Chief ICT security officer

Description

Chief ICT security officers protect company and employee information against unauthorized access. They also define the Information System security policy, manage security deployment across all Information Systems and ensure the provision of information availability.

Includes people performing corporate security functions.

Other titles

The following job titles also refer to chief ICT security officer:

chief ICT security officers
chief information security officer
head of IT security
CISO
head IT security officer

Minimum qualifications

A bachelor’s degree is generally required to work as a chief ICT security officer. However, this requirement may differ in some countries.

ISCO skill level

ISCO skill level is defined as a function of the complexity and range of tasks and duties to be performed in an occupation. It is measured on a scale from 1 to 4, with 1 the lowest level and 4 the highest, by considering:

  • the nature of the work performed in an occupation in relation to the characteristic tasks and duties
  • the level of formal education required for competent performance of the tasks and duties involved and
  • the amount of informal on-the-job training and/or previous experience in a related occupation required for competent performance of these tasks and duties.

Chief ICT security officer is a Skill level 4 occupation.

Chief ICT security officer career path

Similar occupations

These occupations, although different, require a lot of knowledge and skills similar to chief ICT security officer.

chief technology officer
chief information officer
numerical tool and process control programmer
3D modeller
embedded system designer

Long term prospects

These occupations require some of the skills and knowledge of a chief ICT security officer. They also require other skills and knowledge at a higher ISCO skill level, meaning these occupations are accessible from a position of chief ICT security officer with significant experience and/or extensive training.

Essential knowledge and skills

Essential knowledge

This knowledge should be acquired through learning to fulfill the role of chief ICT security officer.

Information security strategy: The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
ICT network security risks: The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.
Decision support systems: The ICT systems that can be used to support business or organisational decision making.
ICT security standards: The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.
Audit techniques: The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.
ICT security legislation: The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.
Organisational resilience: The strategies, methods and techniques that increase the organisation’s capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.
Cyber security: The methods that protect ICT systems, networks, computers, devices, services, digital information and people against illegal or unauthorised use.

Essential skills and competences

These skills are necessary for the role of chief ICT security officer.

Manage IT security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
Ensure compliance with legal requirements: Guarantee compliance with established and applicable standards and legal requirements such as specifications, policies, standards or law for the goal that organisations aspire to achieve in their efforts.
Manage disaster recovery plans: Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.
Implement ICT risk management: Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company’s risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.
Ensure information privacy: Design and implement business processes and technical solutions to guarantee data and information confidentiality in compliance with legal requirements, also considering public expectations and political issues of privacy.
Monitor technology trends: Survey and investigate recent trends and developments in technology. Observe and anticipate their evolution, according to current or future market and business conditions.
Maintain plan for continuity of operations: Update the methodology which contains the steps to ensure that the facilities of an organisation are able to continue operating in case of a broad range of unforeseen events.
Ensure adherence to organisational ICT standards: Guarantee that the state of events is in accordance with the ICT rules and procedures described by an organisation for their products, services and solutions.
Lead disaster recovery exercises: Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.
Utilise decision support system: Use the available ICT systems that can be used to support business or organisational decision making.
Implement corporate governance: Apply a set of principles and mechanisms by which an organisation is managed and directed, set procedures of information, control flow and decision making, distribute rights and responsibilities among departments and individuals, set corporate objectives and monitor and evaluate actions and results.

Optional knowledge and skills

Optional knowledge

This knowledge is sometimes, but not always, required for the role of chief ICT security officer. However, mastering this knowledge allows you to have more opportunities for career development.

Haskell: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Haskell.
Erlang: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Erlang.
SAS language: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in SAS language.
Ruby (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Ruby.
Common Lisp: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Common Lisp.
Lisp: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Lisp.
Computer forensics: The process of examining and recovering digital data from sources for legal evidence and crime investigation.
Visual Studio .NET: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Visual Basic.
Java (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Java.
Computer programming: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms (e.g. object oriented programming, functional programming) and of programming languages.
Prolog (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Prolog.
OpenEdge Advanced Business Language: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in OpenEdge Advanced Business Language.
JavaScript: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in JavaScript.
Perl: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Perl.
Smalltalk (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Smalltalk.
PHP: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in PHP.
Software anomalies: The deviations from what is standard and exceptional events during software system performance, identification of incidents that can alter the flow and the process of system execution.
Assembly (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Assembly.
C#: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in C#.
Internet governance: The principles, regulations, norms and programs that shape the evolution and use of the internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.
R: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in R.
Groovy: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Groovy.
ASP.NET: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in ASP.NET.
Cyber attack counter-measures: The strategies, techniques and tools that can be used to detect and avert malicious attacks against organisations’ information systems, infrastructures or networks.
APL: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in APL.
Tools for ICT test automation: The specialised software to execute or control tests and compare predicted testing outputs with actual testing results, such as Selenium, QTP and LoadRunner.
Microsoft Visual C++: The computer program Visual C++ is a suite of software development tools for writing programs, such as compiler, debugger, code editor, code highlights, packaged in a unified user interface. It is developed by the software company Microsoft.
TypeScript: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in TypeScript.
World Wide Web Consortium standards: The standards, technical specifications and guidelines developed by the international organisation World Wide Web Consortium (W3C) which allow the design and development of web applications.
Web application security threats: The attacks, vectors, emergent threats on websites, web applications and web services, the rankings of their severity identified by dedicated communities such as OWASP (Open Web Application Security Project).
CoffeeScript: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in CoffeeScript.
Objective-C: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Objective-C.
ML (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in ML.
AJAX: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in AJAX.
C++: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in C++.
SAP R3: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in SAP R3.
Swift (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Swift.
MATLAB: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in MATLAB.
ICT recovery techniques: The techniques for recovering hardware or software components and data, after failure, corruption or damage.
ICT system user requirements: The process intended to match user and organisation’s needs with system components and services, by taking into consideration the available technologies and the techniques required to elicit and specify requirements, interrogating users to establish the symptoms of a problem and analysing those symptoms.
Python (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Python.
ICT encryption: The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).
Scratch (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Scratch.
VBScript: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in VBScript.
COBOL: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in COBOL.
Pascal (computer programming): The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Pascal.
ABAP: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in ABAP.
Internet of things: The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).
ICT process quality models: The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in many ICT areas.
Scala: The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms in Scala.

Optional skills and competences

These skills and competences are sometimes, but not always, required for the role of chief ICT security officer. However, mastering these skills and competences allows you to have more opportunities for career development.

Create solutions to problems: Solve problems which arise in planning, prioritising, organising, directing/facilitating action and evaluating performance. Use systematic processes of collecting, analysing, and synthesising information to evaluate current practice and generate new understandings about practice.
Manage staff: Manage employees and subordinates, working in a team or individually, to maximise their performance and contribution. Schedule their work and activities, give instructions, motivate and direct the workers to meet the company objectives. Monitor and measure how an employee undertakes their responsibilities and how well these activities are executed. Identify areas for improvement and make suggestions to achieve this. Lead a group of people to help them achieve goals and maintain an effective working relationship among staff.
Optimise choice of ICT solution: Select the appropriate solutions in the field of ICT while taking into account potential risks, benefits and overall impact.
Use different communication channels: Make use of various types of communication channels such as verbal, handwritten, digital and telephonic communication with the purpose of constructing and sharing ideas or information.
Coordinate technological activities: Give instructions to colleagues and other cooperating parties in order to reach the desired outcome of a technological project or achieve set goals within an organisation dealing with technology.
Train employees: Lead and guide employees through a process in which they are taught the necessary skills for the prospective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.

ISCO group and title

2529 – Database and network professionals not elsewhere classified

References
  1. Chief ICT security officer – ESCO
Last updated on August 8, 2022